Security News > 2023 > November > NCSC says cyber-readiness of UK’s critical infrastructure isn’t up to scratch

The latest warning to CNI operators of what the NCSC said is an enduring and significant threat comes after a year of serious assaults on critical services in the UK. Royal Mail International was the target of a serious attack by the LockBit group in January, and this was after a raid on software supplier Advanced forced the NHS to revert to pen and paper once again.

The UK and its intelligence partners have also sought to bring attention to the cyber threat faced by allied CNI over the past year, including alerts covering Russia's cyber-espionage-enabling Snake malware and China's attacks on US organizations.

"This kind of latent threat activity cannot be discounted and it demonstrates the interest that state-sponsored actors have not only in compromising CNI networks but persisting there too," the annual review by the British read. In the context of China, the phrase "Epoch-defining" was once again rolled out, the same phrasing the UK government has been using to describe the Middle Kingdom technological capability for a while now.

Because CNI operators in the UK are spread across both the private and public sectors, some have commercial pressures placed on them in addition to those brought by cyber attackers.

Due to the nature of the threat to CNI, the NCSC and UK government are working together to ensure an adequate level of resilience is mandated across all CNI sectors.

It also praised the various measures taken by regions throughout the past year to raise cybersecurity standards for CNI. The United States' TSA, for example, raised cybersecurity requirements for organizations in the transport sector and Uncle Sam's CISA made its first steps toward developing its cyber incident reporting regulations for the Critical Infrastructure Act of 2022.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/11/14/ncsc_cyber_readiness/